NSA sets 2035 deadline for adoption of post-quantum cryptography across national security systems

The intelligence agency expects traditional networking equipment to comply with the new standards by 2030.
NSA, National Security Agency, RSA 2019
(Scoop News Group photo)

The National Security Agency in new guidance Wednesday said it expects the owners and operators of national security systems to start using post-quantum algorithms by 2035.

In an advisory note, the intelligence agency recommended that vendors start preparing for the new technology requirements but acknowledged that some quantum-resistant algorithms have yet to be approved for use.

Prior to full adoption within the intelligence community and U.S. military, the new algorithmic standards will be approved by the National Institute of Standards and Technology and the National Information Assurance Partnership.

The memorandum includes Commercial National Security Algorithm Suite 2.0 — a new set of cryptographic standards from the agency — and comes amid rising concern about the potential for foreign adversaries to use advanced computing technology to break the public-key cryptography that for years has secured most federal systems.


Alongside the overall 2035 deadline, NSA said it expected the timeframe for the adoption of post-quantum algorithms to vary between technologies, and issued a range of additional milestones it expects the intelligence community and its vendors to hit.

According to the advisory, NSA expects that software and firmware signing for national security systems will exclusively use Commercial National Security Algorithm Suite 2.0 by 2030.

The agency expects also that traditional networking equipment such as virtual private networks and routers adopt the new standards by 2030, and that web browsers, servers and cloud services exclusively use the new algorithms by 2033.

NSA’s new guidance comes after the National Institute of Standards and Technology in July chose four quantum-resistant cryptographic algorithms it will standardize to protect sensitive data from quantum computers.

At the time, NIST selected the CRYSTALS-Kyber algorithm for general encryption of data exchanged across public networks and the CRYSTALS-DilithiumFALCON and SPHINCS+ algorithms for digital signatures used to verify identities often during transactions.


The standards agency continues to consider four alternative algorithms with different approaches for general encryption, should others prove vulnerable to quantum computers in the long run.

Commenting on the new guidance, NSA Director of Cybersecurity Rob Joyce said: “This transition to quantum-resistant technology in our most critical systems will require collaboration between government, National Security System owners and operators, and industry.”

He added: “Our hope is that sharing these requirements now will help efficiently operationalize these requirements when the time comes. We want people to take note of these requirements to plan and budget for the expected transition, but we don’t want to get ahead of the standards process.”

Latest Podcasts